Managing mobile device identities

ABSTRACT

A method of managing identities for use in a mobile telecommunications device in a telecommunications network is described. First of all, an identity management process is triggered. After this, one or more parameters associated with the mobile telecommunications device is detected. The identity management process than has the following features. An identity management rule determined by the one or more parameters is detected. An identity database is then searched. Each record of the identity database comprises an identity and additional identity information for each identity, wherein the searching prioritises records according to the identity management rule. An identity is then selected when a record conforming to the identity management rule is found in said searching. The active identity of the mobile telecommunications device is then changed to be the selected identity when the active identity is not already the selected identity. A subscriber identity module adapted for use with this method is described.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of U.S. application Ser.No. 13/236,253 filed on Sep. 9, 2011.

FIELD OF THE INVENTION

The invention relates to telecommunications, and specifically to themanagement of identity in mobile devices attaching to telecommunicationsnetworks.

BACKGROUND TO THE INVENTION

A primary customer identity is usually a unique human being but can be amachine, or sometimes a company entity such as a department. On atelecommunications network itself, identity is represented by one ormore identifiers recognised by elements of, or attached to, the network.In the context of mobile telecommunications, such identifiers arecommonly the customers IMSI (International Mobile Subscriber Identity)that resides on a SIM (Subscriber Identity Module), a telephone numberMSISDN (Mobile Subscriber Integrated Services Digital Network Number),or other important identities such as MAC (Media Access Control)address, IP address, email address and IMEI (International MobileEquipment Identity).

In the GSM (Global System for Mobile communication) authentication isperformed using a SIM inserted into the mobile communications device.This manages the connection to the network as well as the user identityand the network subscriber keys. There are two types of networkservice—home service and roaming service.

‘Roaming’ refers to extending the connectivity of a service to alocation that is different from a home location. When a mobilecommunications device, such as a mobile telephone, travels with a useroutside of their home operator coverage area—‘territory’—the device canstill access services using roaming mechanisms/services. However, thereare a growing number of people who live in more than one home and, ofcourse, machines such as airplanes and cars don't have a ‘home’ in thehuman sense of the word. Such users are poorly served by currentsystems.

Another problem travellers experience as they travel near country orregion borders is that mobile phones may inadvertently attach to aforeign network, even though they may be physically in a home territory.Under normal operation, once a handset (i.e. a mobile phone) is attachedto a network, it remains attached to it until signal is lost or if thesubscriber manually disconnects. As a result, the user is charged highroaming charges for an extended period even if though they werephysically in their home territory. In some regions such as Canada, USAand India where there is national roaming this effect can lead toaccidentally high bills even when the customer is not travelling at all.

There are few options available to users when travelling which helpreduce these surcharges:—

One option for a user is to purchase a plurality of additional pre-paysubscriber identification modules (SIMs), one for each territory whichthe user visits. A SIM is a plastic card with embedded electroniccircuitry, which has a unique serial number and an international numberfor the mobile user (IMSI). The SIM enables communication between themobile device and available cellular networks. Therefore, by purchasinga plurality of different SIMs,—one for each territory—the user is ableto replace the original SIM with an appropriate SIM for the territorybeing visited. In this way, the mobile device appears to be a subscriberof the foreign network, which means the user can make and receive callsor use data services without incurring roaming surcharges.

This option has many disadvantages:

-   -   the user must purchase and carry around a plurality of different        SIM cards;    -   the user must ensure that there is sufficient credit in the        accounts linked with each SIM card. Furthermore, it is not        desirable to have unused credit on a number of different        networks, as this credit may be wasted without being redeemed;    -   The act of maintaining a plurality of different SIM accounts is        cumbersome and time consuming, involving considerable user        interaction;    -   When the Subscriber swaps SIM their mobile number changes this        means they are no longer reachable on their normally used        number. Further if they make an outbound call their Caller Line        Identifier (CLI) will be a new one and therefore unknown to the        receiver. This may result in the called party refusing to answer        that call as they do not recognise the caller.    -   Law enforcement agencies are frustrated in their endeavours to        keep track of undesirable people as they effectively have to        keep track of multiple copies of the same person.

There are attempts in the prior art to address at least some of theseproblems.

WO2006/002951 (Brunnekreef) relates to an approach in which the user (oran application) on the mobile phone can pre-pend a (sometimes hidden)telephone number of an intermediate service that will accept the user'scall, remove the pre-pended information and call the desired destinationnumber. The caller then drops the call automatically and awaits acall-back. The intermediate service calls the user back to complete theconnection, and this may give the user better calling rates than normalroaming surcharges. This has the disadvantage of introducing a delay inthe communication channel while the user is trying to contact anotherparty. Furthermore, the user gets a very poor user experience due tohandset software compatibility issues: depending on the model of themobile phone, the phone may appear to ‘do nothing’ until it gets thecall back, strange messages such as ‘call failed’ or ‘call blocked’ mayappear or the service may not work at all.

Another prior art approach is to have a mechanical device that includesa flexible strip (often called a slim SIM). This device physicallyconnects multiple SIMs to a handset, and can be used with a means ofswitching between the SIMs. This device requires there to be some sparespace within the handset to store the additional SIMs, and this solutionis problematic to implement if the SIMs are not compatible with eachother (e.g. use different data speeds or voltages). Alternately theImages of all but one SIM can be cloned onto the SlimSIM chip and aremaining SIM used—a one plus many clones solution. Again the physicalform factor is incompatible with many handsets and the cloning of SIMsis unlawful in many countries and breaks contracts in almost all cases.

Multi-IMSI SIMs are available that offer the capability of beingpre-programmed with a plurality of mobile subscriber data sets. The datasets are sometimes incorrectly referred to as IMSIs, hence the name‘multi-IMSI SIM’, but are actually data sets which each comprise aninternational mobile subscriber identity (IMSI) and othernetwork-related data. These SIMS have processing capability and analgorithm to present the correct set of data to the phone based on thelocation of that phone. This allows the phone to present as a ‘local’subscriber to the network in question.

Many fixed format Dual and Multiple IMSI SIM systems have been sold bycompanies such a as VeriSign, Gemalto □and these are described invarious patent applications such as Cammileri (WO2007102003), Stadelmann(WO9955107), Salomon (WO0221872), Bongers (WO0049820). In such systems,a piece of software runs in the SIM or on the handset or a separateelectronic module and makes decisions as to which IMSI to use given thelocation and available networks. Such systems are sometimes calledSmartSIMs, but in fact this is a misnomer as all SIMs are smart andcontain a microprocessor and memory to run network selection andauthentication programs.

Such systems are however typically relatively inflexible to changes innetwork availability over time and require informed decision making fromusers. This can result in failures of operation and poor networkchoices.

An improved system is disclosed in the applicant's earlier WO2011/036484. This discloses a system in which a central service—an “IMSIBroker”—is adapted to provision the SIM of a mobile handset with newidentities as required. While this approach addresses certain problemsof the prior art, it does not in itself solve the problem of makingreliable and effective choices of identity at the mobile handset.

SUMMARY OF INVENTION

In a first aspect, the invention provides a method of managingidentities for use in a mobile telecommunications device in atelecommunications network, the method comprising: triggering anidentity management process; detecting one or more parameters associatedwith the mobile telecommunications device; in the identity managementprocess, selecting an identity management rule determined by the one ormore parameters detected; in the identity management process, searchingan identity database wherein each record comprises an identity andadditional identity information for each identity, wherein the searchingprioritises records according to the identity management rule; in theidentity management process, selecting an identity when a recordconforming to the identity management rule is found in said searching;and in the identity management process, modifying an active identity ofthe mobile telecommunications device to be the selected identity whenthe active identity is not already the selected identity.

This method is particularly effective as the present inventors havedetermined that parameters associated with the mobile telecommunicationsdevice itself, rather than just those relating to location, may beparticularly important to identity choice. This is because it is foundthat some identities (because, for example, of the properties or methodof operation of associated telecommunications networks) are particularlyeffective or less prone to problems than others for particular mobiletelecommunications devices.

Preferably each said identity comprises an IMSI.

The one or more parameters comprise a handset type. This may be asdetermined from the TAC code in the IMEI of the handset. The one or moreparameters may also comprise a subscription type associated with thedevice, wherein the subscription type relates to one or more of a deviceoperating system and a communication type. These parameters allow for aneffective choice of identity to avoid difficulties which may occur withparticular combinations of mobile communications device and network.

The additional information may comprise an MCC and an MNC for eachidentity. If so, it is advantageous for the identity management rule toallow for selection of an identity based on matching of some or all ofan MCC or an MNC value. If there is no match established by the identitymanagement rule to a specific identity, a new identity may be selectedfrom a pool of matching identities.

Advantageously, a process of modifying the active identity is determinedaccording to the one or more parameters of the device. This allowsmodification of the active identity to be carried out effectively inaccordance with the capabilities of the device itself.

Advantageously, if on modifying the active identity no service isprovided to the new active identity, the active identity is modified toa backup identity different from the identity for which no service wasprovided. This ensures that the device is not fixed with an identitywhich is theoretically the best, but which has in practice a serviceproblem—with this approach, service will still result even if theinitial identity choice is ineffective.

In a further aspect, the invention provides a subscriber identity modulefor use in a mobile telecommunications device and having a plurality ofidentities for use in a mobile telecommunications network, thesubscriber identity module comprising a memory and a processor, whereinthe memory comprises an identity management process for execution by theprocessor and an identity database, wherein the processor is adapted to:on triggering, initiate the identity management process; detect one ormore parameters associated with the mobile telecommunications device; inthe identity management process, selecting an identity management ruledetermined by the one or more parameters detected; in the identitymanagement process, search an identity database wherein each recordcomprises an identity and additional identity information for eachidentity, wherein the searching prioritises records according to theidentity management rule; in the identity management process, select anidentity when a record conforming to the identity management rule isfound in said searching; and in the identity management process, modifyan active identity of the mobile telecommunications device to be theselected identity when the active identity is not already the selectedidentity.

In a further aspect, the system involves a method of managing identitiesfor use in a mobile telecommunications device in a telecommunicationsnetwork, the method comprising: triggering an identity managementprocess; detecting one or more parameters associated with the mobiletelecommunications device; in the identity management process, selectingan identity management rule determined by the one or more parametersdetected; in the identity management process, searching an identitydatabase wherein each record comprises an identity and additionalidentity information for each identity, wherein the searchingprioritises records according to the identity management rule; in theidentity management process, selecting an identity when a recordconforming to the identity management rule is found in said searching;and in the identity management process, modifying an active identity ofthe mobile telecommunications device to be the selected identity whenthe active identity is not already the selected identity.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein each said identity comprises an IMSI.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein the one or more parameters comprise ahandset type.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein the handset type is determined from theTAC code in the IMEI of the handset.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein the one or more parameters comprise asubscription type associated with the device, wherein the subscriptiontype relates to one or more of a device operating system and acommunication type.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein the additional information comprises anMCC and an MNC for each identity.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein the identity management rule allows forselection of an identity based on matching of some or all of an MCC oran MNC value.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein if there is no match established by theidentity management rule to a specific identity, a new identity isselected from a pool of matching identities.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein a process of modifying the active identityis determined according to the one or more parameters of the device.

In a further aspect, the invention provides a method as recited in anyof the above aspects, wherein if on modifying the active identity noservice is provided to the new active identity, the active identity ismodified to a backup identity different from the identity for which noservice was provided.

In a further aspect, the invention provides a subscriber identity modulefor use in a mobile telecommunications device and having a plurality ofidentities for use in a mobile telecommunications network, thesubscriber identity module comprising a memory and a processor, whereinthe memory comprises an identity management process for execution by theprocessor and an identity database, wherein the processor is adapted to:on triggering, initiate the identity management process; detect one ormore parameters associated with the mobile telecommunications device; inthe identity management process, selecting an identity management ruledetermined by the one or more parameters detected; in the identitymanagement process, search an identity database wherein each recordcomprises an identity and additional identity information for eachidentity, wherein the searching prioritises records according to theidentity management rule; in the identity management process, select anidentity when a record conforming to the identity management rule isfound in said searching; and in the identity management process, modifyan active identity of the mobile telecommunications device to be theselected identity when the active identity is not already the selectedidentity.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein each of the plurality of identities areIMSIs.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein the one or more parameters comprise ahandset type.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein the handset type is determined from theTAC code in the IMEI of the handset.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein the one or more parameters comprise asubscription type associated with the device, wherein the subscriptiontype relates to one or more of a device operating system and acommunication type.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein the additional information comprises anMCC and an MNC for each identity.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein the identity management rule allows forselection of an identity based on matching of some or all of an MCC oran MNC value.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein if there is no match established by theidentity management rule to a specific identity, a new identity isselected from a pool of matching identities.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein a process of modifying the active identityis determined according to the one or more parameters of the device.

In a further aspect, the invention provides a module as recited in anyof the above aspects, wherein if on modifying the active identity noservice is provided to the new active identity, the active identity ismodified to a backup identity different from the identity for which noservice was provided.

BRIEF DESCRIPTION OF DRAWINGS

Specific embodiments of the invention will be described below, by way ofexample, with reference to the accompanying drawings, of which:

FIG. 1 is an overview of a conventional communications system in whichaspects of the present invention can operate;

FIG. 2 is a functional block diagram of a system in which identities maybe provided by a central service, and also show the elements of a SIM inaccordance with embodiments of the invention;

FIG. 3 shows elements of an identity management process in accordancewith one aspect of the invention;

FIG. 4 illustrates different possible trigger steps in the process ofFIG. 3, and their consequences;

FIG. 5 illustrates an IMSI selection procedure for use in the process ofFIG. 3;

FIG. 6 illustrates a process for managing an IMSI pool for use in theIMSI selection procedure of FIG. 5; and

FIG. 7 illustrates a data record structure for use in the process ofFIG. 3.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

FIG. 1 provides a schematic representation of two cellulartelecommunications networks, one in the UK and one in Italy, to indicatethe general roaming problem addressed by embodiments of the invention.In reality there are many more Mobile Network Operators (MNO), MobileVirtual Network Operators (MVNO) or Mobile Virtual Network Enablers(MVNE), and as such many more cellular telecommunications networks.However, FIG. 1 represents only two networks for simplicity.

When a first user makes a call from a first mobile phone 10 in the firstuser's local network, for example, in the UK, to a second user 20 in aforeign network (i.e. Italy), the call is routed through the localnetwork's base station subsystem (BSS) 30 to a local network switchingsubsystem (local-NSS) 32, the call is then routed through the SignalingSystem Number 7 (SS7) 34 network to the foreign network, and through aforeign network switching subsystem (foreign-NSS) 36 to the foreignnetwork's base station subsystem 38. The call is finally routed to thesecond user's mobile phone 20. Calls in the opposite direction arerouted in the same way, through the foreign network's base stationsubsystem, to the foreign network switching subsystem 36, through SS7 34to the local network switching subsystem (local-NSS) 32, on to the localnetwork's base station subsystem (BSS) 30, and finally to the firstmobile phone 10.

The way that the call is routed to the correct recipient is through aplurality of location registers which form part of the networksubsystems. For every user registered in a particular cellulartelecommunications network, there is a record held in that network'sHome Location Register (HLR) 40, 42. The HLR 40,42 is a central databasethat contains details of each mobile phone subscriber that is authorizedto use that particular network.

The HLR stores details of every Subscriber Identity Module (SIM) cardissued by the mobile phone operator (i.e. MNO, MVNO or MVNE). A SIM is aplastic card with embedded electronic circuitry, which is inserted intothe mobile phone. Each SIM has a unique identifier called anInternational Mobile Subscriber Identity (IMSI) which is a primary keyto each HLR record. IMSIs are used in any mobile network thatinterconnects with other networks, including CDMA and EVDO networks aswell as GSM networks.

An IMSI is usually 15 digits long, but there are some exceptions.Typically the first 3 digits are the Mobile Country Code (MCC), followedby the Mobile Network Code (MNC), (either 2 digits (European standard)or 3 digits (North American standard)). The remaining digits contain amobile station identification number (MSIN) within the networks customerbase.

SIMs also comprise one or more MSISDNs, which are the telephone numbersused by mobile phones to make and receive calls. Each MSISDN is also aprimary key to the HLR record.

In summary, there is a relationship between the HLR, MSISDN, IMSI, andthe SIM. The SIM is the physical device which contains a record of theIMSI. The MSISDN is the unique number identifying the mobile phone. TheIMSI is the unique identifier of the user subscribing to the network,and the HLR is the system that maps MSISDNs to IMSIs and vice versa.

The above holds true when a user ‘roams’ away from their home/localnetwork to a foreign network also called a roamed-to network. However,when a mobile phone attempts to connect to a network which is not thehome/local network, the roamed-to network communications with the homenetwork in order to verify whether the mobile phone is authorised to usethe roamed-to network. This communication is possible because there arereciprocal agreements between many of the available network operators.

When a user roams away from their home service and into an area servedby another operator, messages are exchanged over the SS7 network and theroamed-to network operator obtains information from the home network'sHLR and creates a temporary record for the subscriber in its VisitorLocation Register (VLR) 44, 46. The VLR is a database which ismaintained by a network operator (in the same way as the HLR ismaintained). However, the VLR of the Mobile Switching Center (MSC)contains temporary information about mobile users that are currentlylocated within the service area of that MSC. When calls are made fromthe mobile phone, the VLR is checked for authorisation, and assumingauthorisation is permitted, the Mobile Switching Center (MSC) permitstracking of the use of the mobile phone for billing purposes. The HLRsubscriber profile (i.e. which services are allowed) is downloaded tothe VLR when subscribed user registers on (connects to) the network(same for roaming and home network). All call handling and billingrelated call data record (CDR) generation is done by the MSC—the HLR isnot involved.

So using the example in FIG. 1, a user subscribed to a mobile networkoperator in the UK visits Italy. When the user arrives in Italy andturns on the mobile phone, the mobile phone will try to connect to anavailable Italian network operator 36. The Italian network operator canidentify from the IMSI number stored in the SIM card that the user isnot subscribed to the Italian network, and as such, will contact theuser's home network 32 in the UK to verify whether the user isauthorised to use the Italian network.

The VLR 46 updates the HLR 40 in the UK, with location information overSS7 with a Location Update message (LU). The LU message is routed to theHLR(UK) based on the global title translation of the IMSI that iscontained in a Signalling Connection Control Part (SCCP) field of theLU. The HLR(UK) informs the VLR(IT) as to the status of the subscriberand whether service is to be provided in the roamed-to network, i.e. theItalian network. If the user is authorised, the Italian networkgenerates a temporary record for the user in the Italian VLR 46.

As described above, there are problems associated with roaming servicesin that users connected to a roamed-to network incur heavy surchargeswhen making or receiving calls or using data services on their mobilephones. This is true regardless of where the user is calling, or who iscalling the user. In the above example, the user visiting Italy willincur roaming charges when calling local Italian phone numbers as wellas calling phones in the home network in the UK and elsewhere.Similarly, roaming charges will be applied to incoming calls from eitherUK, Italian or other phone numbers.

The prior art methods for reducing these roaming charges are cumbersomeas they require the user to purchase, carry around, and maintain theaccounts of, many different SIM cards, or they require a high degree ofuser interaction in order to utilise one of the services to circumventthese roaming charges. However, as described above there are many knownproblems with these services.

As described above, WO 2011/036484, the disclosure of which isincorporated by reference herein to the extent permitted by law,provides an additional central server within a typical cellulartelecommunications network. The additional central server is able toprovide, as required, a plurality of additional IMSIs to a mobile phone,when the mobile phone is connected to a roamed-to network in anothercountry/region. The additional central server is referred to as an IMSIBroker. In such a system, the IMSI Broker is arranged to determinewhether the SIM card in the mobile phone has an appropriate IMSI for theroamed-to network. The SIM cards required for this embodiment of theinvention are capable of storing a plurality of alternative IMSIs fordifferent networks, together with associated rules governing when thealternative IMSIs should be used. In this embodiment, the IMSI brokerhas access to a database store of alternative (new) IMSIs for multipleforeign networks (FNOs) and is arranged to distribute these new IMSIs asnecessary to users who are subscribed to a network comprising an IMSIbroker and, who are roaming across networks.

In this arrangement, each SIM has the capability of storing a pluralityof IMSIs that can be used in a specific territory (country or region) toachieve the best possible calling rates. The SIM also has a set of rulesto drive the selection of the best possible IMSI. Every time a userenters a different territory (mostly a new country, but it could also bea new region within a country), the IMSI Broker will issue the bestpossible IMSI and IMSI selection rules for that territory. The IMSIBroker will send this new IMSI to the SIM via Over The Air (OTA). Thissolution eliminates the need to swap out SIMs when new wholesale networkdeals become available. Subscribers are issued an additional IMSI whenand where available.

Updates and management of the data in the SIM can be achieved over theair interface using any available OTA radio connection. Some examples,include but are not limited to, cellular signalling channels, cellulardata connections, text messaging, WiFi, Bluetooth & WiMAX. A personskilled in the art will appreciate that ‘OTA’ shall include all possibleconnections to the mobile handset and any other method of transferringdata to the handset device such as wired connection to a PC, Infra-Redand so on.

Using this approach, the SIM may, at the time of manufacture, beprogrammed to include a plurality of IMSIs corresponding to populardestinations. In another embodiment, the SIM may be programmed with aplurality of IMSIs at registration with the network, in accordance withuser selection of countries or territories to which the user expects tovisit in the future. In another embodiment, the SIM may only compriseone IMSI after manufacture and registration, such that all of thenew/alternative IMSIs are delivered from the IMSI Broker as and when theuser visits new countries/territories.

SIMs are evolving continuously, and currently known SIMs may be capableof storing up to 256 different IMSIs in the SIM's memory. This number islikely to increase further. However, regardless of the number of IMSIsthat the SIM is able to hold, other memory constraints may mean that anupper limit is placed on the number of IMSIs to be stored within theSIM. In cases where an upper limit is reached, according to oneembodiment of the present invention, the SIM is able to dynamicallyoverwrite a stored IMSI with a newly obtained IMSI. The decision as towhich IMSI is overwritten can be based on a number of factors, forexample, any unused IMSI may be the first to be overwritten. LikewiseIMSIs that have been used the least, or which have been used lessfrequently may be overwritten before more popular/recently used IMSIs.

While embodiments of the present invention may be used effectively withthe IMSI Broker described here, and in more detail in WO 2011/036484,the IMSI Broker is not itself an aspect or feature of the presentinvention, which is directed to management of identity at a mobiledevice.

FIG. 2 shows a schematic overview of an integrated IMSI Broker 108 and ahandset SIM 530 in communication with it over a network. In this sense,network need not be limited to the physical network which is operated bya single network operator. In other words, the term network may be takento mean a collection of co-existing networks.

The MSC of a network communicates with the HLR 111, which in turncommunicates with the IMSI Broker 108 and an Intelligent Network(IN)/Back-office Services system (BSS) module 113. The IN/BSS module hasaccess to a user dB which comprises a record for each user subscribed tothe network. The IN/BSS module 113 is responsible for monitoring theuser's usage, i.e. voice calls, SMSs, data usage etc, such that a recordis kept for billing purposes. In one embodiment, the IN module 113 isalso responsible for ensuring that caller ID information, also known asCaller Line Identification (CLI), is stored and provided during callswhile roaming, to ensure that there is transparency for the calledparties.

The IMSI Broker 108 has access to an IMSI Pool 109, which is a databasecomprising a plurality of available IMSIs for differentterritories/locations. IMSIs by their nature are territory specific.They are both country specific, and may also be region specific incountries (i.e. USA, India) where there may be surcharges for regionalroaming as well as international roaming. An IMSI which is registered onan HLR in one territory will be deemed to be roaming if connected to anetwork/HLR in a different territory. Therefore, for each territory inthe IMSI Pool 109 there is a sub-pool or range of suitable IMSIs whichmay be used. This is described in more detail later.

The IMSI Broker 108 comprises an IMSI updater 500, and IMSI checker 510,and a rules manager 520.

The network also comprises an OTA module which is arranged to sendupdate messages to mobile phones as necessary. The update messages mayinclude alternative IMSIs and/or rule update messages. This updatingmechanism is not limited to provision of alternative IMSIs or associatedrules—it may also be used to provide other updates to the SIM card (suchas new versions of installed software) and also for verification ofsettings.

The HLR is further arranged to communicate with a plurality of foreignnetworks (operated by foreign network operators FNOs). The communicationchannel between the HLR and foreign networks is through the SS7 network.

FIG. 2 also comprises a schematic block diagram of the functionalcomponents within the SIM 530. As shown the SIM comprises a current IMSI540, a current MSISDN 542, a SIM application (SIMAPP) 544 for executingfunctional steps on the SIM, and a database 546 of available IMSIs,associated rules, and MSISDNs.

The skilled person will review WO 2011/036484 for further details of theIMSI Broker system, as required. Embodiments of the present inventionwill now be described with reference to a SIM of the type illustrated inFIG. 2—as indicated above, such a SIM may or may not be used inconnection with an IMSI Broker system as indicated here, or may be usedindependently of such a system (or with a different type of system forproviding user identities where required).

In one aspect, aspects of the invention involve a method of managingidentities for use in a mobile telecommunications device in atelecommunications network, the method comprising:

triggering an identity management process;

detecting one or more parameters associated with the mobiletelecommunications device;

in the identity management process, selecting an identity managementrule determined by the one or more parameters detected;

in the identity management process, searching an identity databasewherein each record comprises an identity and additional identityinformation for each identity, wherein the searching prioritises recordsaccording to the identity management rule;

in the identity management process, selecting an identity when a recordconforming to the identity management rule is found in said searching;and

in the identity management process, modifying an active identity of themobile telecommunications device to be the selected identity when theactive identity is not already the selected identity.

This approach can be used on different types of telecommunicationsnetwork, but is effective on a GSM network, or on a 3G or LTE network asspecified by 3GPP. The SIM may be a conventional SIM, or may be a USIMrunning on a smart card running on a 3G phone—the term “SIM” will beused hereafter for all types of SIM, whether embodied as a SIM card, anapplication on a smart card, or a routine instantiated virtually.Advantageously, such a SIM is designed and implemented according tocurrently applicable standards (at the present time, such standardsinclude ETSI TS 151.011, ETSI TS 131 101, ETSI TS 102 221, ETSI TS 131102, ETSI TS 131 111 and ETSI TS 151 014). An effective approach forimplementing the method to be described is a USIM and SIM combination inwhich the SIM and USIM (hereafter called (U)SIM) are designed andimplemented as per ETSI TS 151.011, ETSI TS 131 101, ETSI TS 102 221,ETSI TS 131 102, ETSI TS 131 111 and ETSI TS 151 014. Additionally, anapplication and additional files are added to the (U)SIM that implementthe method.

As shown in FIG. 3, there are a series of main stages are present in aprocess operated according to an embodiment of the invention. These area trigger step 1, an identity selection step 2, a pooling identityselection step 3, and an identity swap step 4, 5. The identity selectedand swapped is in this case an IMSI—the approach shown here may howeverbe applied to the selection and swapping of other identity types. Alsodescribed below, though not shown in FIG. 3, is a mechanism for makingstatus queries.

FIG. 4 illustrates different possible trigger steps and theirconsequences. In embodiments, any of the following events can triggerfurther operation of the application:

-   -   The (U)SIM coming out of RESET    -   A SIM or card application toolkit profile download received by        the (U)SIM.    -   A SIM or card application toolkit EVENT(Location Status)    -   A change to the contents of any specific UICC file.    -   A STATUS command is received by the (U)SIM.    -   A specific plugin is called in the WIB environment.    -   By a specific message over a Java shareable interface.    -   A change to the IMSI storage file used by the application by a        message from a remote service (IMSI Broker).    -   An instruction to change IMSI to a specific IMSI from a remote        service (IMSI Broker).    -   An instruction to change the IMSI selection mode to ‘AUTOMATIC’        from a remote service.

If the trigger is the (U)SIM coming out of RESET then the applicationshall initialise itself. As part of this initialisation the SIM mayeither remove all networks from the forbidden list (defined in ETSI TS151 011 and ETSI TS 102 221) or remove just the preferred network forthe current known location before the handset reads this file.Optionally if the IMSI selection mode is set to ‘MANUAL’ then the IMSIselection mode may be changed to ‘AUTOMATIC’.

If the trigger is the (U) SIM receiving a SIM or card applicationtoolkit profile download then the application shall analyse the contentsof the profile download to determine the level of support the handsethas for different aspects of the application function. If the handsetsupports the SIM or Card application toolkit EVENT(Location Status) thenit shall use incoming events to automatically trigger IMSI changes, andotherwise it shall monitor changes in the (U)SIM files and STATUScommands to trigger IMSI changes. OTA triggers and triggers from otherapplications on the card (such as the WIB or Java applications) shallalways be available regardless of the TERMINAL PROFILE.

If the trigger is a SIM or card application toolkit EVENT(LocationStatus) then the application shall use the PROVIDE LOCAL INFORMATION(cell id) to determine the network connection status and the MCC and MNCof the current network (if available) and then follow the IMSI selectionprocedure.

If the trigger is a change to any specific file being monitored for thispurpose then following the file change the application shall use thePROVIDE LOCAL INFORMATION (cell id) to determine the network connectionstatus and the MCC and MNC of the current network (if available) andthen shall follow the IMSI selection procedure.

If the trigger is a STATUS command is received by the (U)SIM then theapplication shall decide whether this STATUS command shall be used as atrigger. This may be decided based on the number of STATUS commandsreceived or by some other means. If triggered by the STATUS command, theapplication shall use the PROVIDE LOCAL INFORMATION (cell id) todetermine the network connection status and the MCC and MNC of thecurrent network (if available). It will then follow the IMSI selectionprocedure.

If the trigger is a change to the IMSI storage file used by theapplication or due to a WIB plugin call with the trigger type set toautomatic, or due to a communication with a Java application over ashareable interface where the selection mode is set to automatic, or amessage from a remote service (IMSI Broker) to go into ‘AUTOMATIC’ mode,then the application shall use the PROVIDE LOCAL INFORMATION (cell id)to determine the network connection status and the MCC and MNC of thecurrent network (if available). It will set the IMSI selection mode to‘AUTOMATIC’ and then follow the IMSI selection procedure.

If the trigger is the selection of a specific IMSI either due to a WIBplugin call with the trigger type set to manual or due to acommunication with a Java application over a shareable interface wherethe selection mode is set to manual or due a message from a remoteservice (IMSI Broker) then the IMSI selection mode shall be set to‘MANUAL’ and the IMSI swap process shall be followed using the specifiedIMSI.

The IMSI selection procedure will now be described. The proceduredescribed below in detail is the automatic process, but there is also anoption to bypass the automatic process by allowing manual selection.

The automatic IMSI selection process is a 2 step procedure:

-   -   Step 1 (shown in FIG. 5)—Selection of an IMSI based on a        specific action based on the type of handset and network        detected    -   Step 2 (shown in FIG. 6)—Selection of an IMSI based on a set        criteria from a pool of IMSIs available for this purpose        (pooling). This selection is not based on the current network.

On entry to the IMSI selection procedure, if the IMSI selection mode isset to manual then the method ends with no change.

If the IMSI selection mode is set to automatic then the handset IMEI isdetected, the subscription type is read from the SIM and the MCC and MNCis retrieved from the result of a PROVIDE LOCAL INFORMATION—Cell ID SIMtoolkit Command. This process is described below in more detail withreference to FIG. 5. It comprises two main stages: determination of thesubscription type, and determination of the IMSI to use based onsubscription type and network code.

The process is started by a specific action (step 1001), for example asdiscussed above with regard to triggering steps. The IMEI (InternationalMobile Equipment Identity, providing a unique identity for each mobiledevice) for the device is then retrieved (step 1002), and the TAC coderetrieved (the TAC or Type Allocation Code identifies the model andorigin of the device and is provided as an 8-digit number forming partof the IMEI).

The TAC code is then matched to a record stored in the SIM (steps 1003and 1004). This need not be an exact match—a wild card mechanism may beused to match only part of the TAC code. If a record is found (step1006) then the actual subscription type to be used and the swapmechanism to be used is determined from that record by using the initialsubscription type from the SIM. As discussed below, the swap mechanismis also made dependent on parameters of the device itself. If nospecific IMEI TAC is matched (step 1005) then a record marked as adefault entry may be used—the actual subscription type to be used andthe swap mechanism to be used is then determined from that record byusing the initial subscription type from the SIM. If no default entryexists for the IMEI matching then the subscription type is unmodifiedand the swap mechanism to be used shall be the default swap mechanismset by the method.

Like handset type, subscription type is also a property of the mobiledevice itself. In some cases, this will be determined by the operatingsystem and processes of the device itself (for example, Apple andBlackBerry devices are differentiated in this way). It may also bedetermined by whether the device is operating according to a prepaid ora postpay protocol, or by whether the device is configured for voice,data, or a combination of the two.

Once the handset type and subscription type have been established, thisis used for IMSI selection. Firstly, a currently active network isdetermined (step 1007) and an attempt is made to match the MCC/MNCcombination of the current network to a record stored in the SIM (step1008). As described previously for the IMEI/TAC, a wild card mechanismmay be used to match only part of the MCC/MNC code.

If a record is found (step 1009) then the IMSI to be used (or areference to that IMSI) is determined by using the IMSI assigned for thecurrent subscription (step 1010). This will typically be a unique choicealready determined for that description. After the selection, the IMSIswap process is initiated (step 1011) as is described further below.However, if no entry exists for the MCC/MNC code matching (step 1012)then a pooling mechanism is used to provide an appropriate IMSI. This isdiscussed with reference to FIG. 6.

The pooling process indicated in FIG. 6 relies on the handset type andsubscription being known as discussed above—the handset type andsubscription constrain the choices available in the pooling process tothose which are suitable for that handset and subscription. The processis called if there is no match to a specific MCC/MNC.

There are many mechanisms specified for IMSI pooling and further methodscan be added remotely over the air. The selection of the poolingmechanism to use may be stored on the SIM, or may be provided as aninput to the process through the trigger.

In the embodiment described here, the following mechanisms may besupported:

-   -   Use first entry—always use the IMSI based on the subscription        type for the first entry in the pooling list.    -   Match first occurrence of MCC—use the IMSI indicated based on        the subscription type for the first pooling record that contains        the current MCC else use first record.    -   In rotation—use the IMSI indicated based on the subscription        type for the next pooling record from the pooling record used        prior to the last switch on.    -   Random—use the IMSI indicated based on the subscription type for        the randomly selected pooling record chosen at switch on.    -   External application—one or more external application is called        to make the IMSI selection.

The implementation of these choices and the resulting process is shownin FIG. 6.

If the new IMSI is different from the current IMSI then the IMSI swapprocess is followed.

If the new IMSI is the same as the current IMSI and if the current IMSIis not allowed to connect to the “allowed network” for that IMSI (thismay be indicated as a “limited service” response to a PROVIDE LOCALINFORMATION(Cell ID) command, a “limited service” indication in theEVENT(Location Status) or a “PLMN not allowed or “Routing area notallowed” in any Loci file.) then the recover service process indicatebelow is followed.

If the SIM is in “network backup mode” the MCC indicated is the same asthe previous MCC indicated then the recover service process is followed.However, if the SIM is in “network backup mode” the MCC indicated isdifferent to the previous MCC indicated then the “network backup mode”is cleared.

The network recover service is used when the expected service is notavailable. This feature, which is an option which may be disabledwithout affecting the operation of other features of this embodiment, isused to try and deliver service to a user when the automatically chosenIMSI is forbidden on a network that the SIM expects service. The recoverservice process checks if a backup IMSI value indicated for the currentrecord is the same as the current IMSI. If it is not the same, the IMSIwill be changed using the IMSI change procedure. The SIM shall then set“network backup mode” as being in effect.

The manual selection process may be chosen as an alternative to theautomatic process, and may be triggered, for example, by a WIB plugin, ajava applet via the shareable interface or by an OTA update of the EFmanual IMSI file.

Using this approach, If the IMSI value indicated manually is differentto the current IMSI then the application checks the IMEI of the deviceand matches it to a record in EF IMEI_Specific_Info. The indicated IMSIswap mechanism for that IMEI (or the default record if there is nomatch) stored on the SIM is then used to change the IMSI.

Returning to FIG. 3, the Change IMSI process to allow IMSIs to beswapped is carried out as follows.

On entry into the IMSI swap procedure the application first checkswhether the new IMSI to be selected is the same as the existing IMSIbeing used.

If it is the same, then the application exits without making any changeto the IMSI and its associated parameters.

If it is different, then the Change IMSI procedure is actioned. Thisprocess is started if the SIM determines it needs to change IMSI. TheIMSI swap process is based on the handset type and its associated entryin the record for that handset type.

The following processes may be supported, for example:

-   -   Refresh (type 6) with all change files notified    -   Refresh (type x) where x is passed to the routine    -   Display to user asking them to switch the phone off then on        again    -   through a separate application 1    -   through a separate application 2

The particular process to be followed may be determined for a specifichandset type chosen to be in accordance with the handset capabilities inorder to ensure effective function.

The application uses the card application toolkit REFRESH command toreset the GSM/3G/LTE session and to inform the handset that thefollowing files have changed. If the handset does not support thiscommand an alternative approach will be taken, such as the applicationrequesting that the user switches the handset off and on using the cardapplication toolkit DISPLAY TEXT command. Alternatively, for particularhandsets a different application entirely may be initiated.

When the UICC restarts, either due to the REFRESH or to whatever changeprocess is used, in embodiments the application may change the followingbefore the handset reads them:

-   -   EF IMSI in DF GSM and ADF USIM are set to the new IMSI.    -   EF SMSP is changed to the SMSC value relevant to the new IMSI        (optional).    -   EF OPLMNwACT is changed to the correct content relevant to the        new IMSI (optional).    -   The authentication parameters are set to the relevant values for        the new IMSI(optional).

The EF LOCI and EF PS_LOCI in DF_GSM and ADF USIM are set to theirinitial provisioned value.

The modification of identity may include the modification of one or moreof the following files in the SIM: EF LOCI, EF PS_LOCI, EF GPRS_LOCI, EFOPLMNwACT, EF PLMNwACT, EF HPLMNwACT, EF PLMNsel, EF FPLMN and EFHPPLMN.

FIG. 7 indicates the types of record held by the SIM in the course ofthis process and the respective record structures. A single initialinformation record will indicate, for example, a subscription type and apooling mechanism to use. Device type records may indicate, for example,modifiers to a subscription type (an initial voice and data subscriptionmay for example need modification to indicate that the device is aBlackBerry, with its own data handling protocols). A specific MCC recordmay effectively divide IMSI and PLMN lists by appropriate subscription,as may pooling records. A specific IMSI record may indicate not only theIMSI, but authentication, address and network identity information too.

The information used for these processes may be used for more than IMSIselection. The method may in embodiments include a query process thatallows other applications to ask whether the current IMSI is the correctIMSI. This method may also generate an event for other applications whenthe correct IMSI is selected and the handset is in a stable state. Thisevent will have a means for the receiving application to register andde-register for this alert. All aspects of the process may be logged inthis way.

This approach allows for reliable management of identity at a mobilehandset, reliability being improved by enabling the procedure to beoptimised for different handset and subscription types—while describedhere with reference to IMSI data, it is also applicable to other typesof identity for use with a communication network. This approach is alsoeffectively used in combination with an IMSI Broker as discussed in WO2011/036484, which can dynamically provide new identities and supportinginformation and parameters to a mobile handset, and which can also be asource of trigger events to prompt a change of IMSI where this isdetermined to be desirable.

The operational data contained in a database record of IMSI data mayoptionally contain primary data or links or pointers, optionally nested,to additional operational data contained other SIM database files.

The SIM database may optionally be pre-loaded at manufacture, ormodified by OTA information sent from the host system.

The term territory used herein is intended to mean any specificlocality, this may be in terms of countries, regions and possible evenfor given networks.

The terms mobile phone, handset, mobile terminal, communications devicemay be considered as being interchangeable within this document.

A person skilled in the art will appreciate that the present inventionis not limited to details of the described embodiments, rather numerouschanges and modifications may be made without departing from the spiritand scope of the invention as set out in the appended claims.

1. A method of managing identities for use in a mobiletelecommunications device in a telecommunications network, the methodcomprising: triggering an identity management process; detecting one ormore parameters associated with the mobile telecommunications device; inthe identity management process, selecting an identity management ruledetermined by the one or more parameters detected; in the identitymanagement process, searching an identity database wherein each recordcomprises an identity and additional identity information for eachidentity, wherein the searching prioritises records according to theidentity management rule; in the identity management process, selectingan identity when a record conforming to the identity management rule isfound in said searching; and in the identity management process,modifying an active identity of the mobile telecommunications device tobe the selected identity when the active identity is not already theselected identity.
 2. A method as claimed in claim 1, wherein each saididentity comprises an IMSI.
 3. A method as claimed in claim 1, whereinthe one or more parameters comprise a handset type.
 4. A method asclaimed in claim 3, wherein the handset type is determined from the TACcode in the IMEI of the handset.
 5. A method as claimed in claim 1,wherein the one or more parameters comprise a subscription typeassociated with the device, wherein the subscription type relates to oneor more of a device operating system and a communication type.
 6. Amethod as claimed in claim 1, wherein the additional informationcomprises an MCC and an MNC for each identity.
 7. A method as claimed inclaim 6, wherein the identity management rule allows for selection of anidentity based on matching of some or all of an MCC or an MNC value. 8.A method as claimed in claim 6, wherein if there is no match establishedby the identity management rule to a specific identity, a new identityis selected from a pool of matching identities.
 9. A method as claimedin claim 1, wherein a process of modifying the active identity isdetermined according to the one or more parameters of the device.
 10. Amethod as claimed in claim 1, wherein if on modifying the activeidentity no service is provided to the new active identity, the activeidentity is modified to a backup identity different from the identityfor which no service was provided.
 11. A subscriber identity module foruse in a mobile telecommunications device and having a plurality ofidentities for use in a mobile telecommunications network, thesubscriber identity module comprising a memory and a processor, whereinthe memory comprises an identity management process for execution by theprocessor and an identity database, wherein the processor is adapted to:on triggering, initiate the identity management process; detect one ormore parameters associated with the mobile telecommunications device; inthe identity management process, selecting an identity management ruledetermined by the one or more parameters detected; in the identitymanagement process, search an identity database wherein each recordcomprises an identity and additional identity information for eachidentity, wherein the searching prioritises records according to theidentity management rule; in the identity management process, select anidentity when a record conforming to the identity management rule isfound in said searching; and in the identity management process, modifyan active identity of the mobile telecommunications device to be theselected identity when the active identity is not already the selectedidentity.
 12. A subscriber identity module as claimed in claim 11,wherein each of the plurality of identities are IMSIs.
 13. A subscriberidentity module as claimed in claim 11, wherein the one or moreparameters comprise a handset type.
 14. A subscriber identity module asclaimed in claim 13, wherein the handset type is determined from the TACcode in the IMEI of the handset.
 15. A subscriber identity module asclaimed in claim 11, wherein the one or more parameters comprise asubscription type associated with the device, wherein the subscriptiontype relates to one or more of a device operating system and acommunication type.
 16. A subscriber identity module as claimed in claim11, wherein the additional information comprises an MCC and an MNC foreach identity.
 17. A subscriber identity module as claimed in claim 16,wherein the identity management rule allows for selection of an identitybased on matching of some or all of an MCC or an MNC value.
 18. Asubscriber identity module as claimed in claim 16, wherein if there isno match established by the identity management rule to a specificidentity, a new identity is selected from a pool of matching identities.19. A subscriber identity module as claimed in claim 11, wherein aprocess of modifying the active identity is determined according to theone or more parameters of the device.
 20. A subscriber identity moduleas claimed in claim 11, wherein if on modifying the active identity noservice is provided to the new active identity, the active identity ismodified to a backup identity different from the identity for which noservice was provided.